RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-03-03 16:57:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,379 Commits 4 Branches 751 Tags 23 MiB
C 74.6%
Python 16.2%
Roff 5.2%
SWIG 1.2%
Makefile 1.1%
Other 1.7%
551d834c39
Go to file
Steve Lawrence 551d834c39 libsepol/cil: improve recursion detection 
Add support for detecting recursive blockinherits, and print a trace of
the detected loop. Output will look something like this upon detection:

  Recursive blockinherit found:
    test.cil:42: block a
    test.cil:43: blockinherit b
    test.cil:36: block b
    test.cil:37: blockinherit c
    test.cil:39: block c
    test.cil:40: blockinherit a

Additionally, improve support for detecting recursive macros/calls. Due
to the way calls are copied, the existing code only detected recursion
with call depth of three or more. Smaller depths, like

  (macro m ()
    (call m))

were not detected and caused a segfault. The callstack that was used for
this was not sufficient, so that is removed and replaced with a method
similar to the block recursion detection. A similar trace is also
displayed for recursive macros/calls.

Also, cleanup sidorder, classorder, catorder, sensorder, and in lists at
the end of resolve, fixing a potential memory leak if errors occur
during resolve.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-09-15 12:40:09 -04:00
checkpolicy Updated checkpolicy ChangeLog. 2015-07-31 09:04:52 -04:00
libselinux Updated libselinux ChangeLog. 2015-09-15 10:36:12 -04:00
libsemanage Update libsemanage ChangeLog. 2015-09-03 15:41:39 -04:00
libsepol libsepol/cil: improve recursion detection 2015-09-15 12:40:09 -04:00
policycoreutils Updated policycoreutils ChangeLog. 2015-08-25 15:07:52 -04:00
scripts Add secilc to release script. 2015-03-31 12:41:28 -04:00
secilc libsepol/cil: Add userattribute{set} functionality 2015-09-11 09:07:46 -04:00
sepolgen Updated sepolgen ChangeLog. 2015-08-05 15:16:18 -04:00
.gitignore global: gitignore: add a couple of more editor backup filetypes 2013-02-01 12:14:57 -05:00
Android.mk Add empty top level Android.mk / CleanSpec.mk files 2015-04-16 07:54:09 -04:00
CleanSpec.mk Add empty top level Android.mk / CleanSpec.mk files 2015-04-16 07:54:09 -04:00
Makefile libsepol: Move secilc out of libsepol 2015-03-31 12:31:38 -04:00
README Add further build dependencies. 2015-02-23 09:08:13 -05:00

README 

Please submit all bug reports and patches to selinux@tycho.nsa.gov.
Subscribe via selinux-join@tycho.nsa.gov.

Build dependencies on Fedora:
yum install audit-libs-devel bison bzip2-devel dbus-devel dbus-glib-devel flex flex-devel flex-static glib2-devel libcap-devel libcap-ng-devel pam-devel pcre-devel python-devel setools-devel swig ustr-devel

To build and install everything under a private directory, run:
make DESTDIR=~/obj install install-pywrap

To install as the default system libraries and binaries
(overwriting any previously installed ones - dangerous!),
on x86_64, run:
make LIBDIR=/usr/lib64 SHLIBDIR=/lib64 install install-pywrap relabel
or on x86 (32-bit), run:
make install install-pywrap relabel

This may render your system unusable if the upstream SELinux userspace
lacks library functions or other dependencies relied upon by your
distribution.  If it breaks, you get to keep both pieces.